CVE-2007-0163 Information

Description

SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information.

Reference

http://homepage.mac.com/adonismac/Advisory/steg/steganography.html http://osvdb.org/31244 http://secunia.com/advisories/23639 http://www.securityfocus.com/archive/1/456283/100/0/threaded http://www.securityfocus.com/archive/1/456519/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/31378